{ pkgs, nixpkgs-unstable, ... }:
let
  mastodonNekoversePatches = pkgs.fetchgit {
    url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
    hash = "sha256-HZP9UndsOcBhFV5T70R1HlYrCL+cqViZVJxHptxZKB8=";
  };
  mastodonNekoverseOverlay = final: prev: {
    mastodon = (prev.mastodon.override rec {
      version = "4.2.1";
      srcOverride = final.applyPatches {
        src = final.fetchgit {
          url = "https://github.com/mastodon/mastodon.git";
          rev = "v${version}";
          sha256 = "sha256-SM9WdD+xpxo+gfBft9DARV6QjwNbF2Y9McVrrdDT3fw=";
        };
        patches = [
          "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch"
          #"${mastodonNekoversePatches}/patches/002_disable_image_reprocessing.patch"
          "${mastodonNekoversePatches}/patches/003_make_toot_cute.patch"
          "${mastodonNekoversePatches}/patches/005_improve_custom_emoji_support.patch"
          "${mastodonNekoversePatches}/patches/006_increase_display_name_character_limit.patch"
          "${mastodonNekoversePatches}/patches/007_increase_toot_character_limit.patch"
        ];
      };
      yarnHash = "sha256-qoLesubmSvRsXhKwMEWHHXcpcqRszqcdZgHQqnTpNPE=";
    });
  };
  pkgs-overlay = nixpkgs-unstable.legacyPackages."x86_64-linux".extend mastodonNekoverseOverlay;
  vapidPublicKey = pkgs.writeText "vapid-public-key" "BDCbFEDCZ8eFuWr3uEq4Qc30UFZUQeNpF8OCw6OjPwAtaKS1yTM3Ue749Xjqy5WhBDjakzlixh4Gk7gluUhIdsU=";
in
{
  disabledModules = [
    "services/databases/postgresql.nix"
    "services/web-apps/mastodon.nix"
  ];

  imports = [
    "${nixpkgs-unstable}/nixos/modules/services/databases/postgresql.nix"
    "${nixpkgs-unstable}/nixos/modules/services/web-apps/mastodon.nix"
  ];

  services.mastodon = {
    enable = true;
    package = pkgs-overlay.mastodon;
    localDomain = "social.nekover.se";
    secretKeyBaseFile = "/secrets/mastodon-secret-key-base.secret";
    otpSecretFile = "/secrets/mastodon-otp-secret.secret";
    vapidPublicKeyFile = "${vapidPublicKey}";
    vapidPrivateKeyFile = "/secrets/mastodon-vapid-private-key.secret";
    smtp = {
      authenticate = true;
      host = "mail-1.grzb.de";
      port = 465;
      user = "social@nekover.se";
      passwordFile = "/secrets/mastodon-email-smtp-pass.secret";
      fromAddress = "Nekoverse <nyareply@nekover.se>";
    };
    streamingProcesses = 3;
    extraConfig = {
      SMTP_TLS = "true";
      ES_PRESET = "single_node_cluster";
    };
    elasticsearch.host = "127.0.0.1";
  };
}